Content Security Policy
Last updated
Was this helpful?
Last updated
Was this helpful?
To ensure seamless integration and optimal functionality of our tools, customers must configure their Content Security Policy (CSP) to allow access to specific domains. This documentation page provides a list of the required endpoints, enabling customers to whitelist the necessary domains and maintain secure, uninterrupted access to our services.
For further details about CSP, visit this site:
img-src on domains * and *
script-src on domains * and *
connect-src on domain *.
frame-src on domains *.
Files are hosted on and returns Javascript
This includes containers, Privacy, Cookies sync, MIX and DATA Javascripts
, returns a pixel
CDN javascript hosting
CDN javascript hosting
Notice : in debug mode (tc_debug=1) returns some plain text ... not sure it's necessary to be mentionned as it should never be used in production
CDN javascript hosting
CDN javascript hosting
Examples:
Note : the difference is the /mix/ in the URL for the first party tracking.
Onsite data collection
CDN javascript hosting
, returns a pixel
https://*, returns Javascript
https://*. , returns a pixel
, returns a pixel
, returns a pixel
, returns a pixel
, returns a pixel
, returns a pixel
, returns a pixel
, returns a pixel
img-src on domains *. and *. and *
script-src on domains cdn. and
frame-src on and
connect-src on domain * and *
collection URL :
(since may 2020)
, returns a pixel
, returns a pixel
returns a pixel
returns a pixel
img-src on domains *.
script-src on domains *
https://*./v3 , returns a pixel
https://*.c3 , returns a pixel
https://*.w3 , returns a pixel
https://* , returns a pixel
https://* , returns a pixel
https://*, returns a pixel
img-src on domains *
script-src on domains *.
connect-src on domain *.
dms, returns a pixel